Welcome on the homepage of the chair "Internet Technologies and Systems" of Prof. Dr. Christoph Meinel and his team. We like to inform you about our teaching and ongoing research activities in security, knowledge engineering, innovation and design thinking research.

The chair of Prof. Dr. Christoph Meinel offers courses in the following disciplines: Internet and Web Technologies, (Discrete) Mathematics and Logic, IT Security and Internet Security, Complexity Theory and Information Security as well as Design Thinking.

In Security and Trust Engineering our research and development work is mainly focused on: Network & Internet Security, Cloud and SOA-Security (SOA - Service Oriented Architectures) and Security Awareness.

The research of the team of Prof. Dr. Christoph Meinel in the field of knowledge management and engineering focus on the challenging question, how to manage the mass of digital data, so-called "big data", from Internet and other sources in order to generate new knowledge.

... one of the research topics of the team of Prof. Dr. Christoph Meinel

Introduction

Internet Protocol version 6 (IPv6) has been developed to enhance the Internet's future . It is intended to replace IPv4, as the main Internet communication protocol, primarily because of the lack of available IP addresses with IPv4. In addition to a large address space (128-bits), IPv6 comes with new features and mechanisms, such as StateLess Address AutoConfiguration (SLAAC), Neighbor Discovery (ND), header extension, enhanced mobility, etc., which will facilitate a user's ability to communicate.Despite the fact that IPv6 still maintains much of IPv4's semantics and that two of its protocols have similar functionalities, IPv6 is incompatible with IPv4. IPv6 has its own addressing scheme, so it poses new challenges for routers concerning, for instance, the growth of the forwarding table or the integration of routing algorithms. Moreover, IPv6 and IPv4 headers are mutually exclusive since some fields have been removed, changed, added or expanded for their use in IPv6. Therefore, along with others, the Internet Engineering Task Force (IETF) has been working on several transition mechanisms in an attempt to ensure a smooth migration to IPv6.Since security and privacy are two of the top priorities in today's networks, the research team of Prof. Dr. Christoph Meinel has focused on identifying, mitigating, and protecting against possible risks during IPv6 deployments. In doing this, the research team hopes to contribute to a more reliable and trustworthy network and Internet environment.

IPv6 Security Concerns

In IPv6 networks vulnerabilities may arise for two main reasons: new protocol features and the need to coexist with the existing IPv4 protocol. IPv6 introduces new functionalities in order to facilitate network configuration and management. However, they have also exposed the network to new security threats. For instance, the Neighbor Discovery (ND) and Stateless Address Autoconfiguration (SLAAC) are vulnerable to spoofing and Denial of Service (DoS) attacks. Another example is the randomly generated addresses, which need to keep changing over time in order to protect a users' privacy. This implies, however, new challenges for network administrators, as it also complicates the management of user identities. Finally, although IPv6 and IPv4 have incompatible protocols, they do compete for the same computing resources. Therefore, running these two protocols, in parallel, poses new deployment and security challenges.

Research topics:

Privacy and Security in IPv6 networks

Recently, security and privacy have become important issues when dealing with IPv6 networks. It is for this reason that nodes need to change their IP addresses frequently, in order to prevent other nodes within the network from being able to track them. By doing this nodes thus help prevent privacy related attacks. Changing IP addresses, though, will have an effect on application layer services such as DNS, email, web and etc.

The purpose of our research is to diminish the security and privacy risks that are now present in IPv6 networks. As vendors need to move to and make use of IPv6, we will shortly have an Internet network that totally encompasses the use of IPv6. Therefore there is a need to detect the security flaws in this network, and o find a solution for them, before this protocol becomes even more widely used.

There is currently an IPv6 Research Lab, calledIPv6SSL, where work is being done to create a flexible framework for use as a basic security consulting system.

Securing IPv6 Addressing Mechanisms

IPv6 Stateless Address Auto-Configuration (SLAAC) and Neighbor Discovery (ND) are used for autoconfiguring addresses (without the use of a server) and to discover other nodes on the IPv6 link. Although the autoconfiguration mechanism greatly improves the efficiency of network management, it does have security and privacy issues. Secure Neighbor Discovery (SeND) was designed as a first line of defense against spoofing and Denial of Service (DoS) attacks. It assures the integrity and authenticity of ND messages. SeND is based on the use of RSA Key pairs, Cryptographically Generated Addresses (CGA), digital signatures, and X.509 certificates. Unfortunately, the SeND deployment remains a challenge for several reasons. First, SeND is compute-intensive. Second, its deployment is not trivial and so the SeND Authorization Delegation Discovery (ADD) is, so far, mostly theoretical rather than practical in nature. Third, operating systems lack the sophisticated implementations needed for SeND. The objective of this research topic is to find and develop an efficient and easy model for the optimization of CGA and SeND to make it usable in different IPv6 networks, mainly for use in limited resource devices.